Machine readable identification cards in commercial transactions and other applications have become prevalent. For example, in security systems, and identification card is often presented to gain access to a guarded area. In credit card purchase transactions, a machine readable identification card, presented to a vendor, permits a credit card holder to debit an account held by the institution issuing the card. In commercial banking, limited service, unattended banking terminals have been provided using equipment responsive to a machine readable identification card. The card is often formed of a plastic medium and contains machine readable information in the form of, for example, embossed indicia, apertures, electrically conducting segments or magnetically recordable regions carrying a customer account number and other information, such as expiration date and customer status.
In an automated cash withdrawal system, the unattended bank terminal or automated teller, favorably responding to the machine readable card, advances money to the customer at any time of the day or night. A cash dispensing apparatus used in such a system is disclosed in copending application, Ser. No. 502,898, filed Sept. 3, 1974, now U.S. Pat. No. 3,943,335, commonly assigned with the present invention.
The unattended terminal has been designed as a stand-alone service unit. However, in order to extend the benefits of service and security of on-line systems to the stand-along units, the unattended banking terminal has since been merged into on-line processing system associated with each financial institution offering the service.
Typically, automated banking systems read data contained on the card, such as time period of authorization, authorized amount of transaction, data of last use, account balance, and account number. If the holder of the card is the authorized holder, the transaction requested, e.g., cash withdrawal, is processed. The processing operations include interrogating the account of the holder for adequate funds, debiting the account by the amount of the transaction and delivering cash to the customer. Such a system has resulted in the provision of efficient and economical banking available at any time of day or night.
A primary difficulty with prior automated banking stations, and with other systems utilizing machine readable identification media, has been system security. An extremely large volume of customer identification cards proliferated by a large number of institutions has created a widespread problem of participation by non-authorized card holders. In view of a wide trafficking of stolen credit cards and counterfeiting of cards, a vendor or financial institution is no longer assured that the holder of the card is authorized to transact in the system.
To overcome this difficulty, it has been suggested to scramble the account number to develop a secret number which is revealed only to the authorized holder of the card at the time of issue. In use, the holder of the card enters the secret number into the system by way of a keyboard, or like device. The data contained on the card are read by a scanner at the terminal and are scrambled by a number translator. If the scrambled number favorably correlates with the secret number, the card holder is presumed authorized and the requested transaction is completed provided at least that the card is unexpired and adequate funds are in the account to cover the requested withdrawal.
Although the use of a secret number derived from data on the card for verification substantially enhances system security, the code for converting the account number to the secret number, although extremely difficult to ascertain, has occasionally been embarrassed by an unauthorized holder.
Systems have been developed for decreasing the possibility of an unauthorized card holder deriving the secret number from card contained data. For example, in the U.S. Pat. to Spetz No. 3,794,813, a verification system utilizes a truth table for deriving a secret number from the account number recorded on the card. Data for addressing the truth table are logically derived from arbitrarily selected bits from a field of digitally encoded digits contained on the card. In order to provide the arbitrary selection of digits contained on the card, a complex switching arrangement is provided for selectively sampling certain bits of binary encoded digits recorded on the card. A bank or other institution, once having arbitrarily chosen certain of the bits for forming address words for the truth table by operating the switching arrangement, is thereafter limited to that choice and the use of the card is limited to that bank or other institution.
While the unattended banking terminal has afforded the customer access to his account at any time of the day or night, he is still restricted to a geographical area in which the institution has installed terminals. It is highly desirable to also afford the customer access to his account through the terminal devices of other institutions whereby the customer is no longer restricted to a geographical area. Access to an account at one institution from another cooperating institution is referred to in the banking industry as interchange and is provided on a reciprocal basis wherein the cooperating institutions agree to exchange transactions over links between one-line systems.
In order to effect interchange capability in a card validation system, it is necessary to provide a system which is compatible among cooperating institutions in an interchange network, while avoiding comingling of accounting. Accordingly, it is necessary that a standard card be issued to all customers of the cooperating institutions, the cards being encoded to identify the particular institution holding the account while being processable by the terminal equipment of the cooperating institutions. There is a present need for a verification system which permits interchange between different cooperating institutions and is highly immune to unauthorized card holders.
In order to assure maximum security, it is imperative that the authorized holder of the card not record the secret number in a place which is accessible to a possible unauthorized user of the card. For example, should the authorized holder, to avoid forgetting the secret number, record the secret number on the surface of the card, the card could be used by an unauthorized holder because the unauthorized holder would be able to keyboard enter the secret number.
It has been proposed that the authorized holder of the card be permitted to select his own secret number when the card is issued as an aid to memory. For example, the authorized holder might choose the year of his birth as his secret number to minimize the chance that he would subsequently forget the number. In the U.S. Pat. to Stambler No. 3,786,420, issued Jan. 15, 1974, as an aid to security, a card validation system includes means for permitting a customer to select the first digit of a multidigit secret number at the time that the card is issued. However, the remaining digits of the secret number are then generated by the system and the multidigit secret number, issued to the authorized user, bears no ascertainable relation to the selected digit and does not serve as an aid to memory. It is desirable to provide a system of the character described which permits the authorized holder of the card to select all digits of his secret number whereby the selected number is made to correspond to data permanently recorded on the card prior to customer selection of the secret number.